Skip Menu |

This queue is for tickets about the IO-Socket-SSL CPAN distribution.

Report information
The Basics
Id: 77401
Status: rejected
Priority: 0/
Queue: IO-Socket-SSL
People
Owner: Nobody in particular
Requestors: mark [...] workingtraffic.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Thu May 24 09:21:35 2012 mark [...] workingtraffic.com - Ticket created
CC: Matthew Hochman <mdhochman [...] optonline.net>
Subject: invalid SSL_version specified at /usr/lib/perl5/site_perl/5.8.8/IO/Socket/SSL.pm line 308
Date: Thu, 24 May 2012 09:21:18 -0400
To: bug-IO-Socket-SSL [...] rt.cpan.org, bug-Net-SMTP-TLS [...] rt.cpan.org
From: Mark Underwood <mark [...] workingtraffic.com>
Greetings, I maintain many e-commerce websites for various clients and about 2 weeks ago it suddenly became impossible for any of my Perl code to send e-mail to customers or clients when orders were placed from the websites. All my code uses the module NET::SMTP::TLS after debugging this code I found that the error causing the code to crash was coming from another module which TLS depends upon, namely: IO::Socket::SSL. I also tried using NET::SMTP::SSL The error is: invalid SSL_version specified at /usr/lib/perl5/site_perl/5.8.8/IO/Socket/SSL.pm line 308 I have tried to use the simple NET::SMTP to send mail (which does not require the SSL module) but then I have to send from localhost which does not have a FQDN and therefore all the email ends up being filtered out as spam. Perl seems totally dependent upon NET::SMTP to be able to send e-mail so I am at a dead end and none of my clients or their customers are receiving sales notification/receipts. I hope you can find the time to fix this bug (which must have been introduced in a new version of one of the modules) . My guess is that ::SSL now requires a version number to be passed and that ::TLS is not doing this, so therefore ::TLS needs updating so that it passes the version number in a way that IO::Socket::SSL accepts, or I guess IO::Socket::SSL could be modified to take a version number optionally? This is just a guess in case it helps to fast track a fix for this urgent issue. I have tried to resolve the problem and now I have waited several days expecting a fix to appear, since I assumed 10's of thousands of developers and their customers would be affected by this, but I am starting to think that this bug is not effecting as many people as I thought it would and I am therefore contacting you directly. Note: I have sent this bug report to both bug-IO-Socket-SSL@rt.cpan.org AND bug-Net-SMTP-TLS@rt.cpan.org since I do not know who should best handle this problem? Please help. Best regards, Mark. ------------------------ Mark Underwood Traffic Director Working Traffic Inc. +1(516)669-0006 mark@workingtraffic.com

Message body is not shown because it is too large.

  Thu May 24 09:40:38 2012 Steffen_Ullrich [...] genua.de - Correspondence added
Hi Mark, Show quoted text
> > invalid SSL_version specified at > /usr/lib/perl5/site_perl/5.8.8/IO/Socket/SSL.pm line 308
Net::SMTP::TLS sets SSL_version to a value which was never supported and never documented. Until now bad values were just silently ignored, but with the latest versions of IO::Socket::SSL more syntactic sugar was added to SSL_version and it now croaks on invalid values instead of ignoring them. What you can do: - just delete the setting of SSL_version from Net::SMTP::TLS. IO::Socket::SSL will then use a sensible default. - use Net::SMTP together with Net::SSLGlue::SMTP. The latter transparently adds support for TLS (direct like Net::SMTP::TLS and also via starttls) to Net::SMTP. Regards, Steffen
  Thu May 24 09:40:39 2012 The RT System itself - Status changed from 'new' to 'open'
  Thu May 24 10:00:58 2012 mark [...] workingtraffic.com - Correspondence added
Subject: Re: [rt.cpan.org #77401] invalid SSL_version specified at /usr/lib/perl5/site_perl/5.8.8/IO/Socket/SSL.pm line 308
Date: Thu, 24 May 2012 10:00:34 -0400
To: bug-IO-Socket-SSL [...] rt.cpan.org
From: Mark Underwood <mark [...] workingtraffic.com>
Thanks for the prompt reply Steffen! So if I understand correctly I have two options: Hack Net::SMTP::TLS to remove the setting of SSL version number ( I am not sure I am up to that task and it sounds unreliable) use Net::SSLGlue::SMTP instead of Net::SMTP::TLS which avoids the version number issue Could you just confirm that I am understanding my situation correctly ? Also do you have any ETA for a bug fix to solve the issue? Many thank's again, Mark. On 2012/May/24, at 9:40 AM, Steffen Ullrich via RT wrote: <URL: https://rt.cpan.org/Ticket/Display.html?id=77401 > Hi Mark, Show quoted text
> > invalid SSL_version specified at > /usr/lib/perl5/site_perl/5.8.8/IO/Socket/SSL.pm line 308
Net::SMTP::TLS sets SSL_version to a value which was never supported and never documented. Until now bad values were just silently ignored, but with the latest versions of IO::Socket::SSL more syntactic sugar was added to SSL_version and it now croaks on invalid values instead of ignoring them. What you can do: - just delete the setting of SSL_version from Net::SMTP::TLS. IO::Socket::SSL will then use a sensible default. - use Net::SMTP together with Net::SSLGlue::SMTP. The latter transparently adds support for TLS (direct like Net::SMTP::TLS and also via starttls) to Net::SMTP. Regards, Steffen ------------------------ Mark Underwood Traffic Director Working Traffic Inc. +1(516)669-0006 mark@workingtraffic.com

Message body is not shown because it is too large.

  Thu May 24 10:11:45 2012 Steffen_Ullrich [...] genua.de - Correspondence added
Am Do 24. Mai 2012, 10:00:58, mark@workingtraffic.com schrieb: Show quoted text
> Thanks for the prompt reply Steffen! > > So if I understand correctly I have two options: > > Hack Net::SMTP::TLS to remove the setting of SSL version number ( I am > not sure I am up to that task and it sounds unreliable)
it's just a single line: if(not IO::Socket::SSL::socket_to_SSL($me->{sock}, - SSL_version => "SSLv3 TLSv1")){ + )){ croak "Couldn't start TLS: ".IO::Socket::SSL::errstr."\n"; Show quoted text
> use Net::SSLGlue::SMTP instead of Net::SMTP::TLS which avoids the > version number issue > > Could you just confirm that I am understanding my situation correctly > ?
yes. Show quoted text
> Also do you have any ETA for a bug fix to solve the issue?
The bug is in Net::SMTP::TLS (use of parameter SSL_version in undocumented way, it never did what the author intended), not in IO::Socket::SSL. So if you want to have it fixed hope that it gets fixed in Net::SMTP::TLS. But given that there are no updates since 2006 it probably will never be fixed there. On the long run the best way would be to use Net::SMTP with Net::SSLGlue::SMTP, because both are activly maintained. Regards, Steffen
  Thu May 24 10:11:46 2012 Steffen_Ullrich [...] genua.de - Status changed from 'open' to 'rejected'
  Thu May 24 11:30:53 2012 mark [...] workingtraffic.com - Correspondence added
Subject: Re: [rt.cpan.org #77401] invalid SSL_version specified at /usr/lib/perl5/site_perl/5.8.8/IO/Socket/SSL.pm line 308
Date: Thu, 24 May 2012 11:30:34 -0400
To: bug-IO-Socket-SSL [...] rt.cpan.org
From: Mark Underwood <mark [...] workingtraffic.com>
Thanks Steffen, I will take your advice. ...the last update on ::TLS is sad though, I get the feeling nobody uses Perl anymore :-/ On 2012/May/24, at 10:11 AM, Steffen Ullrich via RT wrote: <URL: https://rt.cpan.org/Ticket/Display.html?id=77401 > Am Do 24. Mai 2012, 10:00:58, mark@workingtraffic.com schrieb: Show quoted text
> Thanks for the prompt reply Steffen! > > So if I understand correctly I have two options: > > Hack Net::SMTP::TLS to remove the setting of SSL version number ( I am > not sure I am up to that task and it sounds unreliable)
it's just a single line: if(not IO::Socket::SSL::socket_to_SSL($me->{sock}, - SSL_version => "SSLv3 TLSv1")){ + )){ croak "Couldn't start TLS: ".IO::Socket::SSL::errstr."\n"; Show quoted text
> use Net::SSLGlue::SMTP instead of Net::SMTP::TLS which avoids the > version number issue > > Could you just confirm that I am understanding my situation correctly > ?
yes. Show quoted text
> Also do you have any ETA for a bug fix to solve the issue?
The bug is in Net::SMTP::TLS (use of parameter SSL_version in undocumented way, it never did what the author intended), not in IO::Socket::SSL. So if you want to have it fixed hope that it gets fixed in Net::SMTP::TLS. But given that there are no updates since 2006 it probably will never be fixed there. On the long run the best way would be to use Net::SMTP with Net::SSLGlue::SMTP, because both are activly maintained. Regards, Steffen ------------------------ Mark Underwood Traffic Director Working Traffic Inc. +1(516)669-0006 mark@workingtraffic.com

Message body is not shown because it is too large.

  Thu May 24 11:30:54 2012 The RT System itself - Status changed from 'rejected' to 'open'
  Mon May 28 16:06:15 2012 Steffen_Ullrich [...] genua.de - Correspondence added
Am Do 24. Mai 2012, 11:30:53, mark@workingtraffic.com schrieb: Show quoted text
> Thanks Steffen, I will take your advice. > > ...the last update on ::TLS is sad though, I get the feeling nobody > uses Perl anymore :-/
fortunatly there are still lots of people using perl, otherwise you would not get help here :)
  Mon May 28 16:06:16 2012 Steffen_Ullrich [...] genua.de - Status changed from 'open' to 'rejected'
  Mon May 28 18:51:45 2012 mark [...] workingtraffic.com - Correspondence added
Subject: Re: [rt.cpan.org #77401] invalid SSL_version specified at /usr/lib/perl5/site_perl/5.8.8/IO/Socket/SSL.pm line 308
Date: Mon, 28 May 2012 18:51:29 -0400
To: bug-IO-Socket-SSL [...] rt.cpan.org
From: Mark Underwood <mark [...] workingtraffic.com>
Thanks for the encouragement Steffen ! On 2012/May/28, at 4:06 PM, Steffen Ullrich via RT wrote: <URL: https://rt.cpan.org/Ticket/Display.html?id=77401 > Am Do 24. Mai 2012, 11:30:53, mark@workingtraffic.com schrieb: Show quoted text
> Thanks Steffen, I will take your advice. > > ...the last update on ::TLS is sad though, I get the feeling nobody > uses Perl anymore :-/
fortunatly there are still lots of people using perl, otherwise you would not get help here :) ------------------------ Mark Underwood Traffic Director Working Traffic Inc. +1(516)669-0006 mark@workingtraffic.com
  Mon May 28 18:51:46 2012 The RT System itself - Status changed from 'rejected' to 'open'
  Tue May 29 01:31:27 2012 Steffen_Ullrich [...] genua.de - Status changed from 'open' to 'rejected'
  Fri Jun 01 12:23:47 2012 mark [...] workingtraffic.com - Correspondence added
CC: behroozi [...] www.pls.uni.edu, Matthew Hochman <mdhochman [...] optonline.net>
Subject: Re: [rt.cpan.org #77401] invalid SSL_version specified at /usr/lib/perl5/site_perl/5.8.8/IO/Socket/SSL.pm line 308
Date: Fri, 1 Jun 2012 12:23:32 -0400
To: bug-IO-Socket-SSL [...] rt.cpan.org
From: Mark Underwood <mark [...] workingtraffic.com>
Hi Steffen, Sorry to trouble you again but is there any way I can contact the author of the ::TLS module and see if he/she could make the very quick change (you mention below). I have resolved my problem "finally" (by just using Net::SMTP and getting my IP address whitelisted and not authenticating with the SMTP server anymore), I could not get ::GLUE to work :-/ I would really like to be able to use the ::TLS module again, if it was updated I could just re-install the module. I really don't want to hack it becuase then it will break again with no way for me to know about it and I cannot get the SMTP hosts of all my clients to whitelist my IP address, If nobody else wants to update TLS I will gladly volunteer. It's just one line of code as you say? Best regards, Mark. On 2012/May/24, at 10:11 AM, Steffen Ullrich via RT wrote: <URL: https://rt.cpan.org/Ticket/Display.html?id=77401 > Am Do 24. Mai 2012, 10:00:58, mark@workingtraffic.com schrieb: Show quoted text
> Thanks for the prompt reply Steffen! > > So if I understand correctly I have two options: > > Hack Net::SMTP::TLS to remove the setting of SSL version number ( I am > not sure I am up to that task and it sounds unreliable)
it's just a single line: if(not IO::Socket::SSL::socket_to_SSL($me->{sock}, - SSL_version => "SSLv3 TLSv1")){ + )){ croak "Couldn't start TLS: ".IO::Socket::SSL::errstr."\n"; Show quoted text
> use Net::SSLGlue::SMTP instead of Net::SMTP::TLS which avoids the > version number issue > > Could you just confirm that I am understanding my situation correctly > ?
yes. Show quoted text
> Also do you have any ETA for a bug fix to solve the issue?
The bug is in Net::SMTP::TLS (use of parameter SSL_version in undocumented way, it never did what the author intended), not in IO::Socket::SSL. So if you want to have it fixed hope that it gets fixed in Net::SMTP::TLS. But given that there are no updates since 2006 it probably will never be fixed there. On the long run the best way would be to use Net::SMTP with Net::SSLGlue::SMTP, because both are activly maintained. Regards, Steffen ------------------------ Mark Underwood Traffic Director Working Traffic Inc. +1(516)669-0006 mark@workingtraffic.com

Message body is not shown because it is too large.

  Fri Jun 01 12:23:48 2012 The RT System itself - Status changed from 'rejected' to 'open'
  Fri Jun 01 12:50:24 2012 Steffen_Ullrich [...] genua.de - Correspondence added
Subject: Re: [rt.cpan.org #77401] invalid SSL_version specified at /usr/lib/perl5/site_perl/5.8.8/IO/Socket/SSL.pm line 308
Date: Fri, 1 Jun 2012 18:50:05 +0200
To: Mark Underwood via RT <bug-IO-Socket-SSL [...] rt.cpan.org>
From: Steffen Ullrich <Steffen_Ullrich [...] genua.de>
On Fri, Jun 01, 2012 at 12:23:47PM -0400, Mark Underwood via RT <bug-IO-Socket-SSL@rt.cpan.org> wrote: Show quoted text
> Queue: IO-Socket-SSL > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=77401 > > > Hi Steffen, > > Sorry to trouble you again but is there any way I can contact the author > of the ::TLS module and see if he/she could make the very quick change > (you mention below). I have resolved my problem "finally" (by just using > Net::SMTP and getting my IP address whitelisted and not authenticating > with the SMTP server anymore), I could not get ::GLUE to work :-/
Sorry, but I don't know the author of the ::TLS module and given the number of existing bug reports and no reaction for a couple of years I doubt, that there will be a quick reaction. But I could help you if you have problems using the SSLGlue module, since I'm the author of it. But since it does not have anything to do with solving this bug I would suggest that you contact me outside of the bug tracking at Steffen_Ullrich@genua.de. Regards, Steffen -- GeNUA Gesellschaft für Netzwerk - und Unix-Administration mbH Domagkstr. 7, D-85551 Kirchheim. http://www.genua.de Tel: (089) 99 19 50-0, Fax: (089) 99 10 50 - 999 Geschäftsführer: Dr. Magnus Harlander, Dr. Michaela Harlander, Bernhard Schneck. Amtsgericht München HRB 98238
  Thu Jun 07 08:53:01 2012 mark [...] workingtraffic.com - Correspondence added
Subject: Re: [rt.cpan.org #77401] invalid SSL_version specified at /usr/lib/perl5/site_perl/5.8.8/IO/Socket/SSL.pm line 308
Date: Thu, 7 Jun 2012 08:52:44 -0400
To: bug-IO-Socket-SSL [...] rt.cpan.org
From: Mark Underwood <mark [...] workingtraffic.com>
Hi Steffen, Many thanks for your offer to help, I keep thinking I will have time to try and get that script working again, but of course something keeps coming up. So seeing how it may be some time before I get back to this I thought I should thank you for your help so far. I will try and get the script to work though because my current solution is not reliable. For example if my mail service removes the main servers IP address from it's white list suddenly the e-mail will stop being sent and I will have no way of knowing :-/ Thanks again, Mark. On 2012/Jun/01, at 12:50 PM, Steffen Ullrich via RT wrote: <URL: https://rt.cpan.org/Ticket/Display.html?id=77401 > On Fri, Jun 01, 2012 at 12:23:47PM -0400, Mark Underwood via RT <bug-IO-Socket-SSL@rt.cpan.org> wrote: Show quoted text
> Queue: IO-Socket-SSL > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=77401 > > > Hi Steffen, > > Sorry to trouble you again but is there any way I can contact the author > of the ::TLS module and see if he/she could make the very quick change > (you mention below). I have resolved my problem "finally" (by just using > Net::SMTP and getting my IP address whitelisted and not authenticating > with the SMTP server anymore), I could not get ::GLUE to work :-/
Sorry, but I don't know the author of the ::TLS module and given the number of existing bug reports and no reaction for a couple of years I doubt, that there will be a quick reaction. But I could help you if you have problems using the SSLGlue module, since I'm the author of it. But since it does not have anything to do with solving this bug I would suggest that you contact me outside of the bug tracking at Steffen_Ullrich@genua.de. Regards, Steffen -- GeNUA Gesellschaft für Netzwerk - und Unix-Administration mbH Domagkstr. 7, D-85551 Kirchheim. http://www.genua.de Tel: (089) 99 19 50-0, Fax: (089) 99 10 50 - 999 Geschäftsführer: Dr. Magnus Harlander, Dr. Michaela Harlander, Bernhard Schneck. Amtsgericht München HRB 98238 ------------------------ Mark Underwood Traffic Director Working Traffic Inc. +1(516)669-0006 mark@workingtraffic.com

Message body is not shown because it is too large.

  Thu Jun 07 09:04:54 2012 Steffen_Ullrich [...] genua.de - Status changed from 'open' to 'rejected'